<?php 

include("db_connect.php");
include('session.php');

?>
<html>
<head>
  <title>Login</title>
  </head>
<body>

<?
if(!isset($_SESSION['user_id'])){
  if(isset($_REQUEST['email'], $_REQUEST['password'])) {
    $result = mysql_query("SELECT password, id FROM users WHERE email = '" . mysql_real_escape_string($_REQUEST['email']) . "'");
     if($row = mysql_fetch_array($result) ) {
       if($_REQUEST['password'] == $row['password']){
        echo "You are now logged in";
        $_SESSION['user_id'] = $row['id'];
       } else {
        echo "You are not logged in";
        ?>
        <a href="login.php">Back</a>
        <?
       }
    } else {
      echo "You are not logged in";
      ?>
      <a href = "login.php">Back</a>
      <?
    }
  } else {
  ?>
    <h1>Login</h1>
    <form action="login.php" method="POST">
      Email: <input type="text" name="email"><br />
      Password: <input type="password" name="password"><br />
      <input type="submit" value="login" />
    </form>
  <? }
} else {
  echo "You are already logged in";
  }
?>
  </body>
</html>
